Claude Diagrams

Technical diagrams and visualizations - Click any diagram to view full size

Basic DERP Relay FlowVisualizing how Tailscale uses DERP servers for UDP relay and connection establishmentBasic DERP Relay FlowNode A NetworkNode A100.64.1.10Behind NATDERP InfrastructureDERP Servernyc.derp.exampleRelay OnlyNode B NetworkNode B100.64.2.20Behind NAT1. Initial Connectionvia DERP2. Relay EncryptedWireGuard Traffic3. Attempt DirectConnectionNAT Traversal4. Upgrade to DirectP2P ConnectionWhen SuccessfulConnection Types:Active data flow (WireGuard encrypted)DERP relay connectionsNAT traversal attemptsUpgraded direct P2P connection

Basic DERP Relay Flow

Visualizing how Tailscale uses DERP servers for UDP relay and connection establishment

Network Diagrams
Tailscale Kubernetes Operator Proxy ArchitectureKubernetes ClusterTailscale Control Plane• Key Exchange• Policy DistributionTailscale OperatorControllerProxyClassINGRESSweb-proxy100.64.0.10→ web-service:80INGRESSapi-proxy100.64.0.12→ api-service:8080web-serviceClusterIP10.96.0.10api-serviceClusterIP10.96.0.20web-appPodapi-appPodEXITegress-proxy100.64.0.20Routes: 0.0.0.0/0client-podNeeds External DBlaptop100.64.1.5database100.64.2.10directdirectLegend:Online/ConnectedINGRESSIngress Proxy (Connector)EXITExit NodeDirect WireGuard ConnectionControl PlaneKey Features• Zero-config ingress• Automatic proxy deployment• Service discovery• Mesh network integration• ProxyClass management

Tailscale Kubernetes Operator Proxy Architecture

Technical diagram showing Tailscale Kubernetes Operator ingress and egress proxy flows for …

Network Diagrams
Tailscale SSH Session RecordingSecure, private session recording that you controlYour TailnetAll traffic encrypted with WireGuardYour TeamDeveloperAdminSupportTailscale SSH(over WireGuard)Your ServersProduction ServerDatabase ServerWeb ServerRecordingStreamRecorder NodeYour StorageBenefitsComplianceReadyCompleteAudit TrailEnhancedSecurityEasy Debug& SupportYou OwnYour DataPrivacy FirstYour session recordings never leave your tailnet. Tailscale cannot see or access your data.

Tailscale Session Recorder Architecture

Comprehensive diagram showing how Tailscale SSH session recording works, including data flow, …

All Diagrams
Claude Diagrams ArchitectureUser InterfaceWeb BrowserGitHub ActionsCLI ToolsGo Web ServerHTTP HandlerEmbedded FSDocker SupportPort 8080Hugo Static Site GeneratorGallery ThemeContent PagesSVG DiagramsPublic AssetsGitHub Integration• Issue Comments• @claude Mentions• Auto UpdatesClaude API• Diagram Updates• Code Generation• PR CreationDevelopment• Live Reload• Docker Build• CI/CD PipelineDeployment• Docker Image• GitHub Pages• Self-HostedProject Structurecontent/layouts/static/public/main.goconfig/HTTPEmbedsReadsTriggersUpdates DiagramsDev ModeBuildsDeployCI/CD

Claude Diagrams Architecture

Overall architecture of the Claude Diagrams application

Architecture Diagrams
Tailscale Mesh VPN ArchitectureTailscale Control Planecontrol.tailscale.com• Authentication • Key Exchange• Policy Distribution • DERP SelectionDERPUS-WestsfoDERPEU-CentralfraDERPAsia-Pacificsydlaptop100.64.1.5alice.yak-bebop.ts.netmacOS • WireGuardEXITserver100.64.2.10exit.yak-bebop.ts.netLinux • Routes: 0.0.0.0/0phone100.64.3.8bob.yak-bebop.ts.netiOS • WireGuardSUBNEToffice-router100.64.4.1office.yak-bebop.ts.netRoutes: 192.168.1.0/24Office Network192.168.1.0/24Internal Resourcesdirectdirectdirectattempting directNAT Traversal Process1. DISCO packets via DERP2. STUN-like endpoint discovery3. Direct WireGuard tunnel4. Fallback to DERP relay if neededConnection TypesDirect WireGuard (encrypted P2P)DERP Relay (encrypted relay)Control Plane (auth, key exchange)Online/ConnectedMesh VPN Features• True mesh topology (no hub)• WireGuard encryption• Automatic NAT traversal• MagicDNS resolution• ACL-based access control

Tailscale Mesh VPN Architecture

Technical diagram showing Tailscale's mesh VPN architecture with control plane, data plane, and DERP …

Network Diagrams